Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS13-040.NASL
HistoryMay 15, 2013 - 12:00 a.m.

MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

2013-05-1500:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities :

  • A spoofing vulnerability exists that could allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file.
    (CVE-2013-1336)

  • An authentication bypass vulnerability exists because of the way the Microsoft .NET framework improperly creates policy requirements for authentication when setting up WCF endpoint authentication. A remote attacker who exploited this vulnerability may be able to steal information or take actions in the context of an authenticated user. (CVE-2013-1337)

#
# (C) Tenable Network Security, Inc.
#




include("compat.inc");

if (description)
{
  script_id(66415);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id("CVE-2013-1336", "CVE-2013-1337");
  script_bugtraq_id(59789, 59790);
  script_xref(name:"MSFT", value:"MS13-040");
  script_xref(name:"MSKB", value:"2804576");
  script_xref(name:"MSKB", value:"2804577");
  script_xref(name:"MSKB", value:"2804579");
  script_xref(name:"MSKB", value:"2804580");
  script_xref(name:"MSKB", value:"2804582");
  script_xref(name:"MSKB", value:"2804583");
  script_xref(name:"MSKB", value:"2804584");

  script_name(english:"MS13-040: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)");
  script_summary(english:"Checks version of System.Security.dll");

  script_set_attribute(attribute:"synopsis", value:
"The version of the .NET Framework installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is running a version of the Microsoft .NET
Framework that is affected by multiple vulnerabilities :

  - A spoofing vulnerability exists that could allow an
    attacker to modify the contents of an XML file without
    invalidating the signature associated with the file.
    (CVE-2013-1336)

  - An authentication bypass vulnerability exists because of
    the way the Microsoft .NET framework improperly creates
    policy requirements for authentication when setting up
    WCF endpoint authentication.  A remote attacker who
    exploited this vulnerability may be able to steal
    information or take actions in the context of an
    authenticated user. (CVE-2013-1337)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-040");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for .NET Framework 2.0 SP2,
3.5.1, 4.0, and 4.5.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1337");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

# Windows Embedded is not supported by Nessus
# There are cases where this plugin is flagging embedded
# hosts improperly since this update does not apply
# to those machines
productname = get_kb_item("SMB/ProductName");
if ("Windows Embedded" >< productname)
  exit(0, "Nessus does not support bulletin / patch checks for Windows Embedded.");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS13-040';
kbs = make_list(
  '2804576',
  '2804577',
  '2804579',
  '2804580',
  '2804582',
  '2804583',
  '2804584'
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

vuln = 0;

########## KB2804576 ###########
#  .NET Framework 4.0          #
#  Windows XP SP3,             #
#  Windows XP SP2 x64,         #
#  Windows 2003 SP2,           #
#  Windows Vista SP2,          #
#  Windows 7 SP1,              #
#  Windows Server 2008 SP2,    #
#  Windows Server 2008 R2 SP1  #
################################
missing = 0;
# Windows XP SP3
missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Security.dll", version:"4.0.30319.1004", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Security.dll", version:"4.0.30319.2006", min_version:"4.0.30319.1200", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows XP SP2 x64 / Server 2003 SP2
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Security.dll", version:"4.0.30319.1004", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Security.dll", version:"4.0.30319.2006", min_version:"4.0.30319.1200", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows Vista SP2 / Server 2008 SP2
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Security.dll", version:"4.0.30319.1004", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Security.dll", version:"4.0.30319.2006", min_version:"4.0.30319.1200", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows 7 SP1 / 2008 R2 SP1
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Security.dll", version:"4.0.30319.1004", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Security.dll", version:"4.0.30319.2006", min_version:"4.0.30319.1200", dir:"\Microsoft.NET\Framework\v4.0.30319");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804576");
vuln += missing;

######### KB2804577 ############
#  .NET Framework 2.0 SP2     #
#  Windows XP SP 3,           #
#  Server 2003 SP2            #
###############################
missing = 0;
missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Security.dll", version:"2.0.50727.7019", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Security.dll", version:"2.0.50727.3646", min_version:"2.0.50727.3000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Security.dll", version:"2.0.50727.7019", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Security.dll", version:"2.0.50727.3646", min_version:"2.0.50727.3000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804577");
vuln += missing;

########## KB2804579 ############
#  .NET Framework 3.5.1        #
#  Windows 7 SP1,              #
#  Server 2008 R2 SP1          #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Security.dll", version:"2.0.50727.7018", min_version:"2.0.50727.5600", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Security.dll", version:"2.0.50727.5469", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804579");
vuln += missing;

########## KB2804580 ############
#  .NET Framework 2.0 SP2      #
#  Windows Vista SP2,          #
#  Server 2008 SP2             #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Security.dll", version:"2.0.50727.7018", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Security.dll", version:"2.0.50727.4237", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804580");
vuln += missing;

########### KB2804582 ###########
#  .NET Framework 4.5          #
#  Windows Vista SP2,          #
#  Server 2008 SP2,            #
#  Windows 7 SP1,              #
#  Windows 2008 R2 SP1         #
################################
missing = 0;
# Windows Vista SP2 / Server 2008 SP2
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Security.dll", version:"4.0.30319.18038", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Security.dll", version:"4.0.30319.19057", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows 7 SP1 / 2008 R2 SP1
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Security.dll", version:"4.0.30319.18038", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Security.dll", version:"4.0.30319.19057", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804582");
vuln += missing;

########### KB2804583 ###########
#  .NET Framework 4.5          #
#  Windows 8,                  #
#  Server 2012                 #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"System.Security.dll", version:"4.0.30319.18039", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319");
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"System.Security.dll", version:"4.0.30319.19058", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804583");
vuln += missing;

########## KB2804584 ############
#  .NET Framework 3.5          #
#  Windows 8,                  #
#  Server 2012                 #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"System.Security.dll", version:"2.0.50727.6404", min_version:"2.0.50727.6000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"System.Security.dll", version:"2.0.50727.7018", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2804584");
vuln += missing;

if(vuln > 0)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, "affected");
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoft.net_frameworkcpe:/a:microsoft:.net_framework

Related

openvas 2
mskb 1
symantec 2
prion 2
checkpoint_advisories 1
cvelist 2
cve 2
seebug 1
securityvulns 2
openvas
openvas
Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
2013-05-15 00:00:00
Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
2013-05-15 00:00:00
mskb
mskb
MS13-040: Vulnerabilities in the .NET Framework could allow spoofing: May 14, 2013
2013-05-14 00:00:00
symantec
symantec
Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability
2013-05-14 00:00:00
Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability
2013-05-14 00:00:00
prion
prion
Authentication flaw
2013-05-15 03:36:00
Spoofing
2013-05-15 03:36:00
checkpoint_advisories
checkpoint_advisories
Microsoft .NET XML Digital Signature Spoofing (MS13-040; CVE-2013-1336)
2013-05-14 00:00:00
cvelist
cvelist
CVE-2013-1336
2013-05-15 01:00:00
CVE-2013-1337
2013-05-15 01:00:00
cve
cve
CVE-2013-1337
2013-05-15 03:36:00
CVE-2013-1336
2013-05-15 03:36:00
seebug
seebug
Microsoft .NET Framework 身份验证绕过漏洞(CVE-2013-1337)(MS13-040)
2013-05-17 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-05-27 00:00:00
Microsoft Lync code execution
2013-05-27 00:00:00
JSON
Related for SMB_NT_MS13-040.NASL
openvas2mskb1symantec2prion2checkpoint_advisories1cvelist2cve2seebug1securityvulns2